Пример #1
        /// <summary>
        /// Calls <c>Detect()</c> on every candidate and returns the one with the highest
        /// score, or <c>null</c> when no candidate scores above zero.
        /// </summary>
        /// <param name="deobfuscators">Candidates to score, in priority order (ties keep the earlier one).</param>
        /// <returns>The best-scoring candidate, or <c>null</c> if nothing was detected.</returns>
        IDeobfuscator DetectObfuscator2(IEnumerable <IDeobfuscator> deobfuscators)
        {
            IDeobfuscator winner    = null;
            int           topScore  = 0;
            var           positives = new List <IDeobfuscator>();

            foreach (var candidate in deobfuscators)
            {
                // Publish the candidate through this.deob while it runs, so that
                // deob.CanInlineMethods can be called in deobfuscate().
                this.deob = candidate;

                // TODO: Re-enable exception handler. The disabled handler scored a throwing
                // candidate as 1 when its Type is "un" and as 0 otherwise.
                // NOTE(review): while it is disabled, an exception from Detect() ends detection
                // for all remaining candidates and leaves this.deob pointing at the candidate
                // that threw, because the reset to null below is never reached.
                int score = candidate.Detect();
                Logger.v("{0,3}: {1}", score, candidate.TypeLong);

                // Type "un" is kept out of the ambiguity list but can still win on score
                // (presumably the generic "unknown" fallback; confirm).
                bool countsAsMatch = score > 0 && candidate.Type != "un";
                if (countsAsMatch)
                {
                    positives.Add(candidate);
                }

                // Strictly greater: the first candidate to reach a score keeps it on a tie.
                if (score > topScore)
                {
                    topScore = score;
                    winner   = candidate;
                }
            }
            this.deob = null;

            // Several detectors matched the same file: list them with the -p value for each,
            // so the operator can pick one explicitly instead of relying on the score.
            bool ambiguous = allDetectedCount(positives) > 1;
            if (ambiguous)
            {
                Logger.n("More than one obfuscator detected:");
                Logger.Instance.Indent();
                foreach (var match in positives)
                {
                    Logger.n("{0} (use: -p {1})", match.Name, match.Type);
                }
                Logger.Instance.DeIndent();
            }

            return winner;

            // Local helper: number of entries in the ambiguity list.
            int allDetectedCount(List <IDeobfuscator> list)
            {
                return list.Count;
            }
        }
Пример #2
        /// <summary>
        /// Chooses the deobfuscator for this file and stores it in <c>this.deob</c>: an already
        /// assigned one is kept, otherwise the type forced in the options is looked up, otherwise
        /// the candidates are scored by <c>DetectObfuscator2</c>.
        /// </summary>
        /// <param name="deobfuscators">Candidates; enumerated more than once when nothing is preselected.</param>
        void DetectObfuscator(IEnumerable <IDeobfuscator> deobfuscators)
        {
            // The deobfuscators may call methods to deobfuscate control flow and decrypt
            // strings (statically) in order to detect the obfuscator.
            // NOTE(review): savedMethodBodies presumably lets those detection-time changes be
            // undone when the user turned either feature off; confirm where it is consumed.
            bool featureDisabled = !options.ControlFlowDeobfuscation || options.StringDecrypterType == DecrypterType.None;
            if (featureDisabled)
            {
                savedMethodBodies = new SavedMethodBodies();
            }

            // It's not null if it unpacked a native file
            if (this.deob != null)
            {
                this.deob.Initialize(module);
                this.deob.DeobfuscatedFile = this;
                this.deob.Detect();     // score is discarded: the choice is already made
                return;
            }

            // Every candidate is bound to the module before any of them is asked to detect.
            foreach (var candidate in deobfuscators)
            {
                candidate.Initialize(module);
                candidate.DeobfuscatedFile = this;
            }

            if (options.ForcedObfuscatorType == null)
            {
                // May yield null when no candidate scores above zero.
                this.deob = DetectObfuscator2(deobfuscators);
                return;
            }

            // A type was forced: take the first candidate whose Type matches it, ignoring case.
            // NOTE(review): if nothing matches, this.deob stays null and nothing is reported
            // here; confirm the caller handles that.
            foreach (var candidate in deobfuscators)
            {
                if (!string.Equals(options.ForcedObfuscatorType, candidate.Type, StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                this.deob = candidate;
                candidate.Detect();
                return;
            }
        }
Пример #3
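		/// <summary>
		/// Calls <c>Detect()</c> on every candidate and returns the one with the highest
		/// score, or <c>null</c> when no candidate scores above zero.
		/// </summary>
		/// <remarks>
		/// A candidate whose <c>Detect()</c> throws is scored 1 if its Type is "un" and 0
		/// otherwise, and detection continues with the next candidate. The failure is written
		/// to the verbose log so that a detector that broke on the input is visible instead of
		/// looking like "not detected".
		/// </remarks>
		/// <param name="deobfuscators">Candidates to score, in priority order (ties keep the earlier one).</param>
		/// <returns>The best-scoring candidate, or <c>null</c> if nothing was detected.</returns>
		IDeobfuscator DetectObfuscator2(IEnumerable<IDeobfuscator> deobfuscators) {
			var allDetected = new List<IDeobfuscator>();
			IDeobfuscator detected = null;
			int detectVal = 0;
			foreach (var deob in deobfuscators) {
				this.deob = deob;	// So we can call deob.CanInlineMethods in deobfuscate()
				int val;
				try {
					val = deob.Detect();
				}
				catch (System.Exception ex) {
					// Best-effort fallback kept as it was: the input file is not trusted and a
					// detector may fail on it, so one failure must not abort detection.
					val = deob.Type == "un" ? 1 : 0;
					// Previously swallowed silently; record which detector failed and why.
					Logger.v("Detect() failed for {0}: {1}", deob.TypeLong, ex.Message);
				}
				Logger.v("{0,3}: {1}", val, deob.TypeLong);
				// Type "un" is kept out of the ambiguity list but can still win on score.
				if (val > 0 && deob.Type != "un")
					allDetected.Add(deob);
				// Strictly greater: the first candidate to reach a score keeps it on a tie.
				if (val > detectVal) {
					detectVal = val;
					detected = deob;
				}
			}
			this.deob = null;

			// Several detectors matched the same file: list them with the -p value for each,
			// so the operator can pick one explicitly instead of relying on the score.
			if (allDetected.Count > 1) {
				Logger.n("More than one obfuscator detected:");
				Logger.Instance.Indent();
				foreach (var deob in allDetected)
					Logger.n("{0} (use: -p {1})", deob.Name, deob.Type);
				Logger.Instance.DeIndent();
			}

			return detected;
		}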
Пример #4
		/// <summary>
		/// Chooses the deobfuscator for this file and stores it in <c>this.deob</c>: an already
		/// assigned one is kept, otherwise the type forced in the options is looked up, otherwise
		/// the candidates are scored by <c>DetectObfuscator2</c>.
		/// </summary>
		/// <param name="deobfuscators">Candidates; enumerated more than once when nothing is preselected.</param>
		void DetectObfuscator(IEnumerable<IDeobfuscator> deobfuscators) {
			// The deobfuscators may call methods to deobfuscate control flow and decrypt
			// strings (statically) in order to detect the obfuscator.
			if (!options.ControlFlowDeobfuscation || options.StringDecrypterType == DecrypterType.None) {
				savedMethodBodies = new SavedMethodBodies();
			}

			if (this.deob == null) {
				// Bind every candidate to the module before any of them is asked to detect.
				foreach (var item in deobfuscators) {
					item.Initialize(module);
					item.DeobfuscatedFile = this;
				}

				if (options.ForcedObfuscatorType == null) {
					// May yield null when no candidate scores above zero.
					this.deob = DetectObfuscator2(deobfuscators);
				}
				else {
					// First candidate whose Type equals the forced type, ignoring case.
					// NOTE(review): with no match this.deob stays null and nothing is
					// reported here; confirm the caller handles that.
					foreach (var item in deobfuscators) {
						bool isForced = string.Equals(options.ForcedObfuscatorType, item.Type, StringComparison.OrdinalIgnoreCase);
						if (isForced) {
							this.deob = item;
							item.Detect();
							break;
						}
					}
				}
				return;
			}

			// It's not null if it unpacked a native file
			this.deob.Initialize(module);
			this.deob.DeobfuscatedFile = this;
			this.deob.Detect();	// score is discarded: the choice is already made
		}